EDR in block mode stops IcedID cold
Endpoint detection and response (EDR) in block mode in Microsoft Defender for Endpoint turns EDR detections into real-time blocking of threats. Learn how it stopped an IcedID attack.
BISMUTH, which has been running increasingly complex cyberespionage attacks since as early as 2012, deployed Monero coin miners in campaigns from July to August 2020. The group’s use of coin miners was unexpected, but it was consistent with their longtime methods of blending in.
Microsoft took action against the Trickbot botnet, disrupting one of the world’s most persistent malware operations. Microsoft worked with telecommunications providers around the world to disrupt key Trickbot infrastructure.
MITRE Engenuity’s Center for Threat-Informed Defense has published a library of detailed plans for emulating the threat actor FIN6 (which Microsoft tracks as TAAL). Microsoft is proud to be part of this industry-wide collaborative project.
In the first blog in the Inside Microsoft Threat Protection series, we will show how MTP provides unparalleled end-to-end visibility into the activities of nation-state level attacks like HOLMIUM.
Inspired by MITRE’s transparency in publishing the payloads and tools used in the attack simulation, we’ll describe the mystery that is Step 19 and tell a story about how blue teams, once in a while, can share important learnings for red teams.
Microsoft Threat Protection uses a data-driven approach for identifying lateral movement, combining industry-leading optics, expertise, and data science to deliver automated discovery of some of the most critical threats today.
We discovered the polymorphic threat Dexphot in October 2018. In the months that followed, we closely tracked the threat as attackers upgraded the malware, targeted new processes, and worked around defensive measures.
Two new machine learning protection features within the behavioral blocking and containment capabilities in Microsoft Defender ATP specialize in detecting threats by analyzing behavior, adding new layers of protection after an attack has started running.
Learn about common vulnerabilities and what you can do to protect your company from attacks.